Adversaries and Countermeasures in Privacy-Enhanced Urban Sensing Systems

• Published in: IEEE systems journal Vol. 7; no. 2; pp. 311 - 322
• Main Authors: De Cristofaro, E., Di Pietro, R.
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.06.2013; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Adversarial models; complex systems; Complexity; Computation; Cryptography; Data privacy; Detection; Devices; Infrastructure; Privacy; Proposals; Queries; querying; security; Sensors; Silicon; Smart phones; Studies; urban sensing; wireless communications; Wireless sensor networks
• ISSN: 1932-8184; 1937-9234
• DOI: 10.1109/JSYST.2012.2221957

Today's digital society increasingly relies on the interconnection of heterogenous components, encompassing assorted actors, entities, systems, and a variety of (often mobile) computing devices. Revolutionary computing paradigms, such as people-centric urban sensing, have focused on the seamless collection of meaningful data from a large number of devices. The increasing complexity of deployed urban systems and related infrastructures, along with the growing amount of information collected, prompts a number of challenging security and privacy concerns. In this paper, we explore a number of scenarios where nodes of a urban sensing system are subject to individual queries. In this setting, multiple users and organizations (e.g., infrastructure operators) co-exist, but they may not trust each other to the full extent. As a result, we address the problems of protecting: 1) secrecy of reported data, and 2) confidentiality of query interests from the prying eyes of malicious entities. We introduce a realistic network model and study different adversarial models and strategies, distinguishing between resident and nonresident adversaries, considering both randomly distributed and local attackers. For each of them, we propose a distributed privacy-preserving technique and evaluate its effectiveness via analysis and simulation. Our techniques are tunable, trading off the level of privacy assurance with a small overhead increase, and independent from the complexity of the underlying infrastructures. We additionally provide a relevant improvement of data reliability and availability, while only relying on standard symmetric cryptography. The practicality of our proposals is demonstrated both analytically and experimentally.